iOS Security Exploit Gives Apps Hidden Access to User Data

| News

Forbes reports that Charlie Miller, security researcher and well-known white hat hacker, has discovered a security vulnerability in iOS that allows apps approved by Apple and obtained via the App Store to illicitly access user data and the device’s settings via a code signing flaw.

Charlie Miller iPhone Exploit

Charlie Miller’s iOS Exploit Makes Every App a Potential Threat.

Although he plans to further discuss this vulnerability in Apple’s platform at the SysCan conference in Taiwan next week, Mr. Miller has already exploited the flaw by planting an app that takes advantage of the vulnerability in Apple’s App Store. The App, now removed, was originally approved by Apple with no conditions.

“Now you could have a program in the App Store like Angry Birds that can run new code on your phone that Apple never had a chance to check,” Mr. Miller explains. “With this bug, you can’t be assured of anything you download from the App Store behaving nicely.”

Mr. Miller discussed this flaw via a YouTube video first uploaded on September 23, 2011. He then officially notified Apple of the flaw on October 14. After Apple failed to acknowledge or fix the issue, the security researcher submitted his app taking advantage of the flaw and it was approved. It was only after Forbes broke Mr. Miller’s story that Apple responded by removing the app from the App Store.

In an unfortunate turn of events for both Apple and Mr. Miller, Apple terminated the researcher’s iOS Developer Membership in response to his proof-of-concept submission. Apple claims that the hidden code in the app violates the Developer Agreement, which prohibits developers from hiding, misrepresenting, or obscuring any part of a submitted app.

“I’m mad,” Mr. Miller responded in a statement to Forbes, “I report bugs to them all the time. Being part of the developer program helps me do that. They’re hurting themselves, and making my life harder.”

Apple did not immediately respond to The Mac Observer’s request for comment.

Sign Up for the Newsletter

Join the TMO Express Daily Newsletter to get the latest Mac headlines in your e-mail every weekday.

6 Comments Leave Your Own

furbies

Sounds like Apple would do well to employ Mr. Miller at least as a consultant for iOS security….

Lee Dronick

Sounds like Apple would do well to employ Mr. Miller at least as a consultant for iOS security

From what I understand they have done so on several occasions.

I have mixed feeling about Mr. Miller. On one hand I respect his skills, but on the other I don’t like him announcing that the side door to my house is unlocked until I have after I have bolted it.

jonricmd

People frequently complain about how long it takes Apple to fix security issues.  We need to keep in mind that although it is relatively easy to find the vulnerabilities, it is much harder to fix them.  Did Mr. Miller give them a solution to the vulnerability?  Apparently not.  It is very easy to criticize something being created or made when one doesn’t have to fix the problem.

furbies

I have mixed feeling about Mr. Miller. On one hand I respect his skills, but on the other I don?t like him announcing that the side door to my house is unlocked until I have after I have bolted it.

You’re right Lee

Maybe he needs to be taken down behind the wood shed, and reminded not to be such a loud mouth (in public)

Lee Dronick

@ furbies - From what I understand he once worked for the NSA, he should have learned about not making such things public. You tell Apple, they fix when they fix it and then you get your commendations and street cred.

furbies

You tell Apple, they fix when they fix it and then you get your commendations and street cred.

Sounds very much like a case of: “LOOK AT ME, LOOK AT ME”

What a Twat!

Log-in to comment